svchostdll_system svchost_svchost dll casn(8)

SvcHostDLL: CreateProcess(cmd /k whoami) to 640

C:/>tlist -s

0 System Process

8 System

240 services.exe Svcs: Browser,Dhcp,dmserver,Dnscache,Eventlog,lanmanserver,lanmanworkstation, LmHosts,PlugPlay,ProtectedStorage,TrkWks,Wmi

504 svchost.exe Svcs: RpcSs

640 cmd.exe Title: C:/WINNT/System32/cmd.exe

1360 svchost.exe Svcs: EventSystem,Netman,RasMan,SENS,TapiSrv,IPRIP

C:/>net stop iprip

The IPRIP service was stopped successfully.

C:/>rundll32 svchostdll.dll,RundllUninstall iprip

DeleteService(IPRIP) SUCCESS.

7. 参考

Platform SDK: Tools - Rundll32

1） Inside Win32 Services, Part 2 by: Mark Russinovich, at: ?ArticleID=8943&pg=3

2） Platform SDK: Tools - Rundll32, at:

2003/8

8. 代码

// SvcHostDLL.cpp : Demo for a service dll used by svchost.exe to host it.

//

// for detail comment see articles.

// by bingle_at_email.com.cn

//

//

/* save following as a .def file to export function, only ServiceMain is needed.

other used to install & uninstall service.

or use /EXPORT: link option to export them.

EXPORTS

ServiceMain

InstallService

UninstallService

RundllUninstallA

RundllInstallA

*/

/*

To compile & link:

cl /MD /GX /LD svchostdll.cpp /link advapi32.lib /DLL /base:0x71000000 /export:ServiceMain /EXPORT:RundllUninstallA /EXPORT:RundllInstallA /EXPORT:InstallService /EXPORT:UninstallService

*/

//

// Articles:

// 1. HOWTO Create a service dll used by svchost.exe by bingle, at:

// 2. Inside Win32 Services, Part 2 by: Mark Russinovich, at:?ArticleID=8943&pg=3

// 3. Platform SDK: Tools - Rundll32, at:

本文来自电脑杂谈，转载请注明本文网址：
http://www.pc-fly.com/a/jisuanjixue/article-45628-8.html